CLAIMS 



What is claimed is: 

1 . A method of authenticating a client to a content server comprising the steps of: 

generating a ticket associated with said client, said ticket comprising a first ticket 
and a second ticket wherein said second ticket is disabled from use; 
transmitting said first ticket to said client; 
validating said first ticket; 

using said first ticket to establish a communication session with a content server 
proxy after said first ticket is validated; 

enabling said second ticket for use upon said validation of said first ticket; and 
using said enabled second ticket to establish a communication session with said 

content server. 

2. The method of claim 1 wherein, prior to generating said ticket associated with said client, 
said client is authenticated to a web server. 

3 . The method of claim 1 wherein said ticket authority transmits said first ticket to a web 
server and said web server transmits said first ticket to said client. 

4. The method of claim 1 wherein said client transmits said first ticket to said content server 
proxy. 

5. The method of claim 1 wherein said content server proxy transmits said first ticket to said 
ticket authority and said ticket authority transmits said second ticket to said content server proxy 
upon validation of said first ticket. 

6. The method of claim 1 wherein said content server proxy transmits said second ticket to 
said content server upon said enabling of said second ticket. 
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7. The method of claim 1 wherein said content server validates said second ticket with said 
ticket authority. 

8. The method of claim 7 wherein said content server makes a request to said ticket 
authority to validate said second ticket. 

9. The method of claim 7 wherein said ticket authority pushes said second ticket to said 
content server for validation. 

10. The method of claim 1 wherein said ticket authority transmits said second ticket to a web 
server and said web server pushes said second ticket to said content server for validation. 

1 1 . The method of claim 1 wherein said ticket authority transmits said first ticket and said 
disabled second ticket to a web server and said web server transmits said first ticket and said 
disabled second ticket to said client. 

12. The method of claim 1 1 wherein said client transmits said first ticket and said disabled 
second ticket to said content server proxy. 

1 3 . The method of claim 1 further comprising transmitting said disabled second ticket to at 
least one of said content server proxy and a web server. 

14. The method of claim 1 further comprising transmitting said enabled second ticket to said 
content server proxy. 

1 5 . The method of claim 1 wherein a communication session protocol is established between 
said client and said content server. 

16. The method of claim 1 wherein a first communication session protocol is established 
between said client and said content server proxy and a second communication session protocol 
is established between said content server proxy and said content server. 
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17. The method of claim 16 wherein said first communication session protocol is different 
from said second communication session protocol. 

18. The method of claim 1 wherein a first communication session protocol is established 
between said client and said content server proxy and a second communication session protocol 
is established between said client and a web server. 

1 9. The method of claim 1 8 wherein said first communication session protocol is different 
from said second communication session protocol. 

20. The method of claim 1 wherein said client comprises a web based browser. 

2 1 . The method of claim 1 wherein said content server proxy is a secure socket layer relay. 

22. The method of claim 1 wherein said transmitting of said second ticket to said content 
server proxy further comprises transmitting an address of said content server to said content 
server proxy. 

23 . A system for authenticating a user comprising: 

a client; 

a ticket authority; 
a content server; and 

a content server proxy in communication with said client, said ticket authority, 
and said content server, 

wherein said ticket authority generates a ticket associated with said client, said ticket 
comprising a first ticket and a second ticket, 

wherein said first ticket is transmitted to said client and used to establish a first 
communication session with said content server proxy, and 
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wherein said second ticket is transmitted to said content server proxy and used to 
establish a second communication session with said content server. 

24. The system of claim 23 wherein, prior to said ticket authority generating said ticket 
associated with said client, said client is authenticated to a web server. 

25. The system of claim 23 wherein said ticket authority transmits said first ticket to a web 
server and said web server transmits said first ticket to said client. 

26. The system of claim 23 wherein said client transmits said first ticket to said content 
server proxy. 

27. The system of claim 23 wherein said content server proxy transmits said first ticket to 
said ticket authority and said ticket authority transmits said second ticket to said content server 
proxy. 

28. The system of claim 23 wherein said content server proxy transmits said second ticket to 
said content server. 

29. The system of claim 23 wherein said content server validates said second ticket with said 
ticket authority. 

30. The system of claim 29 wherein said content server makes a request to said ticket 
authority to validate said second ticket. 

3 1 . The system of claim 29 wherein said ticket authority pushes said second ticket to said 
content server for validation. 

32. The system of claim 23 wherein said ticket authority transmits said second ticket to a web 
server and said web server pushes said second ticket to said content server for validation. 

33. The system of claim 23 wherein a disabled second ticket is transmitted with said first 
ticket to said client. 
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34. The system of claim 33 wherein said ticket authority transmits said first ticket and said 
disabled second ticket to a web server and said web server transmits said first ticket and said 
disabled second ticket to said client. 

35. The system of claim 33 wherein said client transmits said first ticket and said disabled 
second ticket to said content server proxy. 

36. The system of claim 33 wherein said content server proxy transmits said first ticket and 
said disabled second ticket to said ticket authority and said ticket authority enables said disabled 
second ticket. 

37. The system of claim 36 further comprising transmitting said enabled second ticket to said 
content server proxy. 

38. The system of claim 23 wherein a communication session protocol is established between 
said client and said content server. 

39. The system of claim 23 wherein a first communication session protocol is established 
between said client and said content server proxy and a second communication session protocol 
is established between said content server proxy and said content server. 

40. The system of claim 39 wherein said first communication session protocol is different 
from said second communication session protocol. 

41. The system of claim 23 wherein a first communication session protocol is established 
between said client and said content server proxy and a second communication session protocol 
is established between said client and a web server. 

42. The system of claim 41 wherein said first communication session protocol is different 
from said second communication session protocol. 

43. The system of claim 23 wherein said client comprises a web based browser. 
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44. The system of claim 23 wherein said content server proxy is a secure socket layer relay. 

45 . A system for authenticating a user comprising: 

a client; 

a ticket authority generating a ticket associated with said client, said ticket 
comprising a first ticket and a second ticket wherein said second ticket is disabled from use; 
a content server; 

a content server proxy in communication with said client, said ticket authority, 

and said content server and receiving said first ticket; and 

a web server in communication with said client and said ticket authority, 
wherein said content server proxy establishes a first communication session 

protocol between said client and said content server proxy after said ticket authority validates 

said first ticket, 

wherein said ticket authority enables said second ticket after said validation of 
said first ticket, and 

wherein said content server proxy uses said enabled second ticket to establish a 
second communication session protocol being different from said first communication session 
protocol. 

46. The system of claim 45 wherein said client is authenticated to said web server. 

47. The system of claim 45 wherein said ticket authority transmits said first ticket to said web 
server. 

48. The system of claim 45 wherein said web server transmits said first ticket to said client. 

49. The system of claim 45 wherein said client transmits said first ticket to said content 
server proxy. 
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50. The system of claim 45 wherein said content server proxy transmits said first ticket to 
said ticket authority. 

5 1 . The system of claim 45 wherein said ticket authority transmits said second ticket to said 
content server proxy. 

52. The system of claim 45 wherein said content server proxy transmits said second ticket to 
said content server. 

53. The system of claim 45 wherein said content server validates said enabled second ticket 
with said ticket authority. 

54. The system of claim 53 wherein said content server makes a request to said ticket 
authority to validate said enabled second ticket. 

55. The system of claim 53 wherein said ticket authority pushes said enabled second ticket to 
said content server for validation. 

56. The system of claim 45 wherein said ticket authority transmits said second ticket to said 
web server and said web server pushes said second ticket to said content server for validation. 

57. The system of claim 45 wherein a disabled second ticket is transmitted with said first 
ticket to said client. 

58. The system of claim 57 wherein said ticket authority transmits said first ticket and said 
disabled second ticket to said web server and said web server transmits said first ticket and said 
disabled second ticket to said client. 

59. The system of claim 57 wherein said client transmits said first ticket and said disabled 
second ticket to said content server proxy. 
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60. The system of claim 57 wherein said content server proxy transmits said first ticket and 
said disabled second ticket to said ticket authority and said ticket authority enables said disabled 
second ticket. 

61. The system of claim 60 further comprising transmitting said enabled second ticket to said 
content server proxy. 

62. The system of claim 45 wherein a communication session protocol is established between 
said client and said content server. 

63. The system of claim 45 wherein a third communication session protocol is established 
between said content server proxy and said content server. 

64. The system of claim 63 wherein said first communication session protocol is different 
from said third communication session protocol. 

65. The system of claim 45 wherein said client comprises a web based browser. 

66. The system of claim 45 wherein said content server proxy is a secure socket layer relay. 

67. A system for authenticating a user comprising: 

a client; 

a first ticket authority; 
a second ticket authority; 
a content server; and 

a content server proxy in communication with said client, said first ticket 

authority, and said content server, 

wherein said first ticket authority generates a first ticket associated with said client, 
wherein said second ticket authority generates a second ticket associated with said 

content server, 
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wherein said first ticket is transmitted to said client and used to establish a first 
communication session with said content server proxy, and 

wherein said second ticket is transmitted to said content server proxy and used to 
establish a second communication session with said content server. 
68. A system for authenticating a user comprising: 

means for generating a ticket associated with a client, said ticket comprising a 
first ticket and a second ticket; 

means for transmitting said first ticket to said client; 

means for using said first ticket to establish a first communication session with a 

content server proxy; 

means for transmitting said second ticket to said content server proxy; and 
means for using said second ticket to establish a second communication session 

with a content server. 
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